CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2019

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2019-9072 770 2019-02-24 2021-12-10
4.3
None Remote Medium Not required None None Partial
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c.
102 CVE-2019-9071 674 2019-02-24 2021-12-10
4.3
None Remote Medium Not required None None Partial
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.
103 CVE-2019-9070 125 2019-02-24 2021-12-10
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.
104 CVE-2019-9066 79 XSS 2019-02-23 2019-02-25
3.5
None Remote Medium ??? None Partial None
PHP Scripts Mall PHP Appointment Booking Script 3.0.3 allows HTML injection in a user profile.
105 CVE-2019-9065 20 2019-02-23 2021-07-21
4.0
None Remote Low ??? None Partial None
PHP Scripts Mall Custom T-Shirt Ecommerce Script 3.1.1 allows parameter tampering of the payment amount.
106 CVE-2019-9064 22 Dir. Trav. 2019-02-23 2019-02-25
5.0
None Remote Low Not required Partial None None
PHP Scripts Mall Cab Booking Script 1.0.3 allows Directory Traversal into the parent directory of a jpg or png file.
107 CVE-2019-9063 20 2019-02-23 2021-07-21
4.0
None Remote Low ??? None Partial None
PHP Scripts Mall Auction website script 2.0.4 allows parameter tampering of the payment amount.
108 CVE-2019-9062 352 CSRF 2019-02-23 2019-02-25
6.0
None Remote Medium ??? Partial Partial Partial
PHP Scripts Mall Online Food Ordering Script 1.0 has Cross-Site Request Forgery (CSRF) in my-account.php.
109 CVE-2019-9052 352 CSRF 2019-02-23 2019-02-25
5.8
None Remote Medium Not required None Partial Partial
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete pictures via a /admin.php?action=deleteimage&var1= URI.
110 CVE-2019-9051 352 CSRF 2019-02-23 2019-02-25
5.8
None Remote Medium Not required None Partial Partial
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete articles via a /admin.php?action=deletepage&var1= URI.
111 CVE-2019-9050 434 Exec Code 2019-02-23 2019-02-25
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in Pluck 4.7.9-dev1. It allows administrators to execute arbitrary code by using action=installmodule to upload a ZIP archive, which is then extracted and executed.
112 CVE-2019-9049 352 CSRF 2019-02-23 2019-02-25
5.8
None Remote Medium Not required None Partial Partial
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete modules via a /admin.php?action=module_delete&var1= URI.
113 CVE-2019-9048 352 CSRF 2019-02-23 2019-02-25
5.8
None Remote Medium Not required None Partial Partial
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete a theme (aka topic) via a /admin.php?action=theme_delete&var1= URI.
114 CVE-2019-9047 89 Sql 2019-02-23 2019-02-25
7.5
None Remote Low Not required Partial Partial Partial
GoRose v1.0.4 has SQL Injection when the order_by or group_by parameter can be controlled.
115 CVE-2019-9042 434 Exec Code 2019-02-23 2019-04-16
6.5
None Remote Low ??? Partial Partial Partial
** DISPUTED ** An issue was discovered in Sitemagic CMS v4.4. In the index.php?SMExt=SMFiles URI, the user can upload a .php file to execute arbitrary code, as demonstrated by 404.php. This can only occur if the administrator neglects to set FileExtensionFilter and there are untrusted user accounts. NOTE: The maintainer states that this is not a vulnerability but a feature used in conjunction with External Modules.
116 CVE-2019-9041 94 Exec Code 2019-02-23 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring.
117 CVE-2019-9040 352 CSRF 2019-02-23 2019-02-25
6.8
None Remote Medium Not required Partial Partial Partial
S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332.
118 CVE-2019-9038 125 2019-02-23 2019-02-27
5.0
None Remote Low Not required None None Partial
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds read problem with a SEGV in the function ReadNextCell() in mat5.c.
119 CVE-2019-9037 125 2019-02-23 2019-02-27
6.4
None Remote Low Not required Partial None Partial
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a buffer over-read in the function Mat_VarPrint() in mat.c.
120 CVE-2019-9036 787 Overflow 2019-02-23 2020-08-24
5.0
None Remote Low Not required None None Partial
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow in the function ReadNextFunctionHandle() in mat5.c.
121 CVE-2019-9035 125 2019-02-23 2019-02-27
6.4
None Remote Low Not required Partial None Partial
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in the function ReadNextStructField() in mat5.c.
122 CVE-2019-9034 125 2019-02-23 2019-02-27
6.4
None Remote Low Not required Partial None Partial
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read for a memcpy in the function ReadNextCell() in mat5.c.
123 CVE-2019-9033 125 2019-02-23 2019-02-27
6.4
None Remote Low Not required Partial None Partial
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read for the "Rank and Dimension" feature in the function ReadNextCell() in mat5.c.
124 CVE-2019-9032 787 2019-02-23 2019-02-27
5.0
None Remote Low Not required None None Partial
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds write problem causing a SEGV in the function Mat_VarFree() in mat.c.
125 CVE-2019-9031 476 2019-02-23 2019-02-27
5.0
None Remote Low Not required None None Partial
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a NULL pointer dereference in the function Mat_VarFree() in mat.c.
126 CVE-2019-9030 125 2019-02-23 2019-02-27
6.4
None Remote Low Not required Partial None Partial
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in mat5.c.
127 CVE-2019-9029 125 2019-02-23 2019-02-27
5.0
None Remote Low Not required None None Partial
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds read with a SEGV in the function Mat_VarReadNextInfo5() in mat5.c.
128 CVE-2019-9028 125 2019-02-23 2019-02-25
6.4
None Remote Low Not required Partial None Partial
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in the function InflateDimensions() in inflate.c when called from ReadNextCell in mat5.c.
129 CVE-2019-9027 787 Overflow 2019-02-23 2020-08-24
5.0
None Remote Low Not required None None Partial
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow problem in the function ReadNextCell() in mat5.c.
130 CVE-2019-9026 787 Overflow 2019-02-23 2020-08-24
5.0
None Remote Low Not required None None Partial
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow in the function InflateVarName() in inflate.c when called from ReadNextCell in mat5.c.
131 CVE-2019-9025 119 Overflow 2019-02-22 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buffers allocated for the data.
132 CVE-2019-9024 125 2019-02-22 2019-06-18
5.0
None Remote Low Not required Partial None None
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.
133 CVE-2019-9023 125 2019-02-22 2019-06-18
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.
134 CVE-2019-9022 125 2019-02-22 2019-06-18
5.0
None Remote Low Not required Partial None None
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries.
135 CVE-2019-9021 125 2019-02-22 2019-06-18
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.
136 CVE-2019-9020 125 2019-02-22 2019-06-18
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c.
137 CVE-2019-9019 119 Overflow 2019-02-22 2019-02-26
4.6
None Local Low Not required Partial Partial Partial
The British Airways Entertainment System, as installed on Boeing 777-36N(ER) and possibly other aircraft, does not prevent the USB charging/data-transfer feature from interacting with USB keyboard and mouse devices, which allows physically proximate attackers to conduct unanticipated attacks against Entertainment applications, as demonstrated by using mouse copy-and-paste actions to trigger a Chat buffer overflow or possibly have unspecified other impact.
138 CVE-2019-9016 79 XSS 2019-02-22 2019-02-22
4.3
None Remote Medium Not required None Partial None
An XSS vulnerability was discovered in MOPCMS through 2018-11-30. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[name] parameter in a mod=column request, as demonstrated by the /mopcms/X0AZgf(index).php?mod=column&ac=list&menuid=28&ac=add&menuid=29 URI.
139 CVE-2019-9015 22 Dir. Trav. 2019-02-22 2019-02-22
6.4
None Remote Low Not required None Partial Partial
A Path Traversal vulnerability was discovered in MOPCMS through 2018-11-30, leading to deletion of unexpected critical files. The exploitation point is in the "column management" function. The path added to the column is not verified. When a column is deleted by an attacker, the corresponding directory is deleted, as demonstrated by ./ to delete the entire web site.
140 CVE-2019-9004 401 2019-02-22 2020-08-24
5.0
None Remote Low Not required None None Partial
In Eclipse Wakaama (formerly liblwm2m) 1.0, core/er-coap-13/er-coap-13.c in lwm2mserver in the LWM2M server mishandles invalid options, leading to a memory leak. Processing of a single crafted packet leads to leaking (wasting) 24 bytes of memory. This can lead to termination of the LWM2M server after exhausting all available memory.
141 CVE-2019-9003 416 Exec Code 2019-02-22 2021-06-02
7.8
None Remote Low Not required None None Complete
In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop.
142 CVE-2019-9002 94 Exec Code 2019-02-22 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config-setup.php allows remote attackers to execute arbitrary PHP code via the database_host parameter if the installer remains present in its original directory after installation is completed.
143 CVE-2019-8996 119 Overflow 2019-02-21 2019-02-22
7.5
None Remote Low Not required Partial Partial Partial
In Signiant Manager+Agents before 13.5, the implementation of the set command has a Buffer Overflow.
144 CVE-2019-8985 787 DoS Exec Code Overflow 2019-02-21 2020-08-24
9.0
None Remote Low Not required Partial Partial Complete
On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability can be triggered by a GET request with a long HTTP "Authorization: Basic" header that is mishandled by user_auth->user_ok in /bin/boa.
145 CVE-2019-8984 79 XSS 2019-02-21 2019-02-21
4.3
None Remote Medium Not required None Partial None
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2).
146 CVE-2019-8983 79 XSS 2019-02-21 2019-02-21
4.3
None Remote Medium Not required None Partial None
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2).
147 CVE-2019-8982 918 2019-02-21 2019-02-21
6.8
None Remote Medium Not required Partial Partial Partial
com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF.
148 CVE-2019-8980 401 DoS 2019-02-21 2021-06-02
7.8
None Remote Low Not required None None Complete
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.
149 CVE-2019-8979 89 Sql 2019-02-21 2019-04-12
7.5
None Remote Low Not required Partial Partial Partial
Kohana through 3.3.6 has SQL Injection when the order_by() parameter can be controlled.
150 CVE-2019-8955 770 DoS 2019-02-21 2020-08-24
5.0
None Remote Low Not required None None Partial
In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler.
Total number of vulnerabilities : 839   Page : 1 2 3 (This Page)4 5 6 7 8 9 10 11 12 13 14 15 16 17
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.